A 2005 malware revamped for cryptojacking, blocking other miners, ransom, & erasing data

A malware program first found in 2005, Shellbot, has made a comeback with more powers:
cryptojacking and switching off other miners. During its early days,
the malware was used to forcefully gain access into Linux servers.

Shellbot is being deployed by malicious actors to forcefully mine
Monero, one of the popular privacy-centric cryptocurrencies.

According to a report released by Threat Stack, a cybersecurity company based in
Boston, Shellbot has been spotted on a Linux server of a U.S. firm
with a global footprint. Although researchers at the cybersecurity
firm are yet to uncover how the malware is propagated, they
discovered that it uses an Internet Relay Chat (IRC) server for
command and control. The IRC server helps Shellbot’s operators to
check the level of damage on an infected machine.

TechCrunch reported that the malware is also able to “shut down other cryptominers on
infected computers.” Consequently, Shellbot accumulates a
considerable chunk of the infected machine’s processing power
thereby mining more Monero coins (XMR). Threat Stack estimates that
the malware nets attackers approximately $300 within 24 hours.

The cybersecurity firm's report added that:

The main goal of this campaign [Shellbot] appears to be monetary gain via
cryptomining and propagating itself to other systems on the

Apart from cryptojacking and shutting down other cryptominers, Shellbot can
exfiltrate data and demand a ransom or “destroy data.”

New or previously dormant cryptojacking malware are finding renewed
strength. For instance, another malware, Beapy, has been discovered
to be using NSA’s leaked exploits to infiltrate corporate networks
and mine virtual currencies.

In March, the developers of CoinHive, a popular browser-based mining
service that was abused by malicious actors, withdrew their
support from the project. MalwareBytes,
a cybersecurity firm, indicated that the failure of CoinHive signaled
cryptojackers would shift their focus from consumers to businesses.
Last month, research done by the cybersecurity firm confirmed the new

Crypto Destroyer
